Computer Lists and Access Control

Hi
I've got OS/X Server 10.4.6 set up to be an OD master and have several linux boxes authenticating to it using kerberos.
Currently, all OD users can login to all the linux boxes, but I'm trying to restrict access to some boxes to a group of users.
I've tried creating a computer list and putting a linux server in this list, then adding entries to the 'access tab' but this doesn't seem to work.
All users can still login to these 'access controlled' servers, in effect the list is ignored.
Has anyone got this working or can shed some light on what I'm doing wrong?
Thanks,
  Mac OS X (10.4.6)  

Hi, Tropic
You must load the class into a jar file.
Then you must sign the jar file by means of the jarsigner utility provided by the Java SDK.
Here is a sample script to do it.
javac SomeApplet.java
jar cvf SomeJarFile.jar SomeApplet.class
keytool -genkey -keystore SomeStoreFile -keyalg rsa -dname "CN=May BeYour Name, OU=IT Dept., O=Company Name, L=Your Location, ST=Your State, C=Your Country" -alias YourAlias -validity 365 -keypass YourPassowrd -storepass storePasswd
jarsigner -keystore SomeStoreFile -storepass storePasswd -keypass YourPassowrd -verbose SomeJarFile.jar YourAlias
Regards,

Similar Messages

  • User management and Access Control in HCM Cloud

    Hello,
    Information is scarce about User management and Access Control in Oracle Cloud generally. Today, I have two questions :
    - How can I bridge HCM Cloud user store with my on-premise IDM or security repository in order to allow identity governance to flow to HCM Cloud service ?
    The only information I got was that you can declare manually and by bulk import through files my users. This is not really interesting as I have an automatic IDM with workflows and identity control on provisioning and de-provisioning.
    Is there a SPML or proprietary endpoint to do it automatically ? What are the prerequisites ? Do I have to implement OIM on my side ?
    - Once my users are created, how can I do webSSO from my internal security repositories to the HCM Cloud service ?
    I do not want to distribute new set of login / passwords to my users. Is it possible to do Identity Federation (SAML 2.0 or WS-Fed) with HCM Cloud service ? What are the prerequisites ? Do I have to implement OAM on my side ?
    I accept all pieces of information you can give me on this topic to help me understand the functionalities, limits and options offered by Oracle Cloud and more precisely by HCM Cloud service.
    Best regards,

    OIDDAS has limited capability of access control and information hiding. Presently, the permissions and privileges can be set at a realm level, and fine grained access control / information hiding cannot be done.
    At present, the only way to restrict view and access control is by applying ACLs (which is not the safest bet).

  • List and details controls of JFileChooser not working

    hey pls tell me whether there is any way of making list and details controls of JFileChooser work in jdk1.3 it perfectly work in jdk1.4 ....
    pls help me
    thanx
    nik

    Hi Kamal
    In XI 3.0, this is a known issue for DCP value which is based on SAP OpenSQL driver can't be shown .
    It has been resolved in XI3.1 version.
    Thanks
    Ricky

  • Inside Identity and Access Control products

    Hello,
    For the past few months I was working on a blog which can help understanding under the hood of identity and access control products. Please have a look into it and let me know how to improve the contents.
    http://identitycontrol.blogspot.com

    Latest Topics
    1) Video of Federated Access Control
    2) RSA Conference 2007

  • Inside identity and access control products : blog

    Friends,
    Visit my blog http://identitycontrol.blogspot.com to get inside working of the identity and access control products. My effort here is to explain insides in a simple language.
    Latest topic I added is "SAML in action"
    Please post your comments also so I can improve the contents.
    Thanks

    Thanks a lot idmguru!!
    your efforts are simply awesome..
    -Yash Bansal

  • Inside of idm and access control products

    Hello Friends,
    For the past few months I was working on a blog where I shared my past experiences with the IAM products, New technologies and problems faced in the products at a conceptual level. I thought of sharing that with experienced team of technocrats like you. Please have a look into this and let me know how I can improve this.
    blog URL --> http://identitycontrol.blogspot.com/
    Thanks
    idmguru

  • War file and access control with WebLogic

    I am trying to put some access control on different files in my war-file, but just can't get it to work... It seems like all roles defined in weblogic.properties gives the user access to all files in the war. I just don't understand the connections between the security realm, the weblogicURL.policy file and the web.xml file... If I do not specify a weblogic.security.URLAclFile, no access control is done at all.
    This is how my weblogic.properties file looks like:
    weblogic.security.URLAclFile=e:\\weblogic\\weblogicURL.policy
    weblogic.password.koko=kokokoko
    weblogic.password.arnebelinda=arne1234
    weblogic.security.group.ppuseradmins=arnebelinda
    and my weblogicURL.policy:
    deny Principal weblogic.security.acl.GroupImpl "everyone" {
    Permission weblogic.security.acl.URLAcl "weblogic.url", "/admin/-";
    and finally, my web.xml-file:
    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
         <session-config>
              <session-timeout>30</session-timeout>
         </session-config>
         <welcome-file-list>
              <welcome-file>index.jsp</welcome-file>
         </welcome-file-list>
         <security-constraint>
              <web-resource-collection>
                   <web-resource-name>admin</web-resource-name>
                   <url-pattern>index.jsp</url-pattern>
              </web-resource-collection>
              <auth-constraint>
                   <role-name>ppuseradmins</role-name>
              </auth-constraint>
         </security-constraint>
         <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>WebLogic Server</realm-name>
         </login-config>
         <security-role>
              <role-name>ppuseradmins</role-name>
         </security-role>
    </web-app>
    It does not matter which user is part of the ppuseradmins group. The user koko is not a member, but is given access to my whole .war anyway (after submitting correct username/password). Omitting the <realm-name> does not seem to work either; the default realm is not used, instead null is used.
    Does anybody have a clue? I would really appreciate it!
    I am using WebLogic 5.1 sp 9
    best regards,
    PJ

    In your policy file entry, you have specified "/admin/-"
    However, in the <security-constraint> element in web.xml, your <url-pattern> is not set to /admin
    Could that be the problem?
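
The mismatch this reply points at, shown as an added example (not code from the thread or from WebLogic): a Python check that applies the Servlet specification's url-pattern rules to the posted security-constraint and reports which context-relative paths it actually covers. It models web.xml only, not weblogicURL.policy or WebLogic 5.1's realm handling; the sample paths, the `/admin/*` variant and the lenient leading-slash handling are assumptions.

```python
import xml.etree.ElementTree as ET

# The security-constraint from the posted web.xml (DOCTYPE and unrelated
# elements omitted so the sample stays short).
POSTED_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>index.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ppuseradmins</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed variant (assumption): the same constraint aimed at /admin/.
ADMIN_WEB_XML = POSTED_WEB_XML.replace("<url-pattern>index.jsp",
                                       "<url-pattern>/admin/*")


def load_constraints(web_xml):
    """Return [(url_patterns, role_names)], one entry per <security-constraint>."""
    root = ET.fromstring(web_xml)
    constraints = []
    for sc in root.findall("security-constraint"):
        patterns = [p.text.strip()
                    for p in sc.findall("web-resource-collection/url-pattern")
                    if p.text]
        roles = [r.text.strip()
                 for r in sc.findall("auth-constraint/role-name") if r.text]
        constraints.append((patterns, roles))
    return constraints


def pattern_matches(pattern, path):
    """Servlet url-pattern matching against a context-relative request path."""
    if pattern == "/":
        # Default mapping; treated here as covering every path.
        return True
    if pattern.startswith("/") and pattern.endswith("/*"):
        # Path mapping: "/admin/*" covers "/admin" and everything below it.
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        # Extension mapping: compare against the last path segment.
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    # Anything else is an exact match. Assumption: a pattern without a leading
    # slash is read leniently as "/" + pattern; containers differ on this.
    if not pattern.startswith("/"):
        pattern = "/" + pattern
    return path == pattern


def required_roles(web_xml, path):
    """Roles required for path, or None when no constraint covers it."""
    roles = None
    for patterns, constraint_roles in load_constraints(web_xml):
        if any(pattern_matches(p, path) for p in patterns):
            roles = (roles or set()) | set(constraint_roles)
    return roles


def audit(web_xml, paths):
    """Map each path to its required roles (None = not constrained by web.xml)."""
    return {path: required_roles(web_xml, path) for path in paths}


# Constructed request paths, relative to the web application's context root.
SAMPLE_PATHS = ["/index.jsp", "/admin/users.jsp", "/admin", "/reports/q1.jsp"]

if __name__ == "__main__":
    for label, doc in (("posted", POSTED_WEB_XML), ("variant", ADMIN_WEB_XML)):
        for path, roles in audit(doc, SAMPLE_PATHS).items():
            print(label, path, sorted(roles) if roles is not None else "UNCONSTRAINED")
```

With the posted pattern, only `/index.jsp` carries the `ppuseradmins` requirement; everything under `/admin/` is outside the web.xml constraint.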

  • Nintex Workflow and Access Control

    Hello, can anybody help with getting owner permissions on Nintex workflows in Sharepoint 2010 with Powershell.
    I also want to ask your opinion about Access control in Sharepoint 2010. Should all Access Control like AD, Sharepoint, Titus be in the hands of Administrator or some of it like Titus be in the hand of the Developers.
    Best Regards Olafur_s
    Icelandic DBA admin

    Hello Hemendra,
    Thank you for your answer. I have developers that create sites and lists and they are all Site Collection admin. The problem is that they can go everywhere they want and look into all kinds of sensitive information and do all that they want to do. So basically they are running the system.
    I am new to Sharepoint as an admin but I have experience in other system like AD, Exchange, SQL. The evolution of this Sharepoint system here brought it to the point that the developers have too much admin rights and the system is not working well. I am trying to find the fine line between the Administration part, my work, and the developers part and not stepping on the developers' toes.
    Best regards Olafur_s
    Icelandic DBA admin

  • EJB and access control???

    Hi all,
    I have a question about access control via EJB,
    For example I have a client application and on start I will prompt user for user name and password, and now what to do with this information how to pass it to the ejb server, or??? Or may be some of you have any link to tutorial as an answer? My EJB will access database and I want to use the access control from database.
    Thank you in advance.

    Hi Eshwa,
    thank you for your reply, I found a nice developer guide on the link that you gave me, but I still have a problem with understanding of practical way to pass user information from client application to ejb server, may be you can give me a piece of code or a small example, where 2 Strings (user name and password) are taken and sent to the ejb server to be authenticated, and then to have access to the resources that are accessible for this user (described in the deployment description user - role).
    Anyway thank you again.
    Best regards Alexander Hincu .

  • Computer crashing and nvidia control panel missing options

    Hey, I bought 2x msi gtx 970 and put them in sli mode. They worked fine for a while but yesterday I started having problems. I was playing shadow of mordor and suddenly my screen went black and my computer restarted. It worked fine afterwards tho. Then today I played some LoL and after playing for like 15 minutes or so it happened again. But now also after the computer restarted my nvidia control panel was missing options. There were only setup g-sync, set up stereoscopic 3d and view rating for games. I'm not sure if this happened yesterday too. I tried reinstalling the drivers (tho I'm not 100% sure I did a perfectly clean install) and the options came back but the crash happened again and the options disappeared also again. I have 850w corsair tx850 so I think that should be enough power? My mobo is asus P8Z77V-Deluxe and cpu intel i7 3770k @ 4.3ghz. So what is the problem?
    EDIT: after I restarted my computer again the options in the control panel reappeared
    EDIT2: I ran furmark with both sli on and sli off for about 50 minutes and oddly enough my computer didn't crash. Everything ran well. Here's some statistics from sli: GPU1: 1316MHz @ 99% load, temp 80 C, voltage 1.193V, GPU2: started at 1303MHz and then dropped to 1277MHz @ 97% load, temp 62 C, voltage 1.206V. Another weird thing is that the crashes in lol kept happening even after this and always around 15-20 mins to the game. I would say it's an issue with lol but it happened once with shadow of mordor too. I haven't played any other games. Also it's weird that this started happening only recently, not from the beginning. I do recall downloading some update to geforce experience recently, don't know if that matters.
    Also I'd like to know that are those temperatures normal for air cooling in sli and/or are they too high?
    EDIT3: Just noticed that everytime I try to run pci-express render test on gpu-z my computer crashes instantly and apparently trying to run furmark now also crashes the computer

    Quote from: Nichrome on 16-October-14, 00:56:09
    Hello,
    Could you please be more accurate on your spec: >>Posting Guide<<  RAM, frequencies, timings and so on.
    Would be worth trying bit more powerful PSU. Not saying this one is insufficient, but it's always best to rule something out for 100% sure.
    Remove OC from the CPU and RAM (RAM to be 1333MHz and CPU to run stock). Or try >>Clear CMOS Guide<<
    Make sure that you're running latest BIOS for the motherboard <Contact ASUS about it>
    Temps are completely fine for SLI on air. Top card always is much hotter than the other. However you could reapply thermal paste on both cards, run single card for 1h and record its temps, then do the same for the 2nd card (in single card mode so the other is out of the PC) and use the cooler one on top.
    I feel so dumb right now. Seems like one power cord from the psu to my gpu wasn't properly attached and now that it's completely connected everything seems to work. I'll update this thread if that didn't fix the problem. But anyways thanks for your fast response

  • Exact cell in list and Table Control

    Hi,
    Is there someone who knows,
    how to get exact cell from lists (START-OF-SELECTION)
    or from Table Control.
    For example:
    In list I write:
    number name date
    1234    | es    | 10/07/07
    and now if I click for example on "es" now a window should appear about name "es"
    the same with Table Control.
    I know that get selected line is not the problem
    but how to get column ???
    Please it's very important
    Best regards,
    Greg.

    hi,
    You can retrieve information either about the current field or the current line.
    For field information, use this syntax:
    GET CURSOR FIELD <f> [OFFSET <off>]
                         [LINE <lin>]
                         [VALUE <val>]
                         [LENGTH <len>].
    This statement transfers the name of the field on which the cursor is positioned during a user action into the variable <f>. If the cursor is on a field, the system sets SY-SUBRC to 0, otherwise to 4.
    The system transports the names of global variables, constants, field symbols, or reference parameters of subroutines. For literals, local fields, and VALUE parameters of subroutines, the system sets SY-SUBRC to 0, but transfers SPACE as the name.
    The options have the following effects:
    OFFSET <off>
    The field <off> contains the position of the cursor within the field. If the cursor is on the first column, <off> = 0.
    LINE <lin>
    The field <lin> contains the number of the list line on which the cursor is positioned (SY-LILLI).
    VALUE <val>
    The field <val> contains the character string output representation of the field on which the cursor is positioned. The representation includes formatting characters.
    LENGTH <len>
    The field <len> contains the output length of the field on which the cursor is positioned.
    You can try this logic.
    * Define variables for holding the field name and the field value.
    * Both are character-type; a TYPE n field of length 1 would truncate them.
    DATA: fieldname(30) TYPE c,
          fieldval(255) TYPE c.
    GET CURSOR FIELD fieldname VALUE fieldval.
    Now the fieldname and fieldval variables hold the values which were selected by the user based on the cursor position.
    The variable declarations depend on your selected fields.
    regards,
    Ashok Reddy

  • 2-way SSL and access control using the client certificate

    Hi,
    I'd like to configure WLS 8.1 so that the server will use the client identity extracted from the client certificate to determine whether permissions should be granted. I am having some problems.
    Details: The client can be either a Web service or a web application. The steps for authentication and authorization should be:
    - The client sends a request to an Apache server (DMZ) which will then be forwarded to WLS.
    - The client's identity, common name from the X.509 certificate, is mapped to the "username" (using WLS default identity assertion provider).
    - Validate whether the client should be trusted (via the list in the trusted credentials)
    - Check whether the resource should be granted based on the "username".
    The on-line manual says
    "If the Web browser or Java client requests a WebLogic Server resource protected by a security policy, WebLogic Server requires that the Web browser or Java client have an identity."
    "The user corresponding to the Subject's Distinguished Name (SubjectDN) attribute in the client's digital certificate must be defined in the server's security realm; otherwise the client will not be allowed to access a protected WebLogic resource. For information on configuring users on the server, see Creating Users in Managing WebLogic Security."
    So the questions I have are:
    - If the client identity is certificate based, why should we configure users with the "user name" and "password"? How can we get around it?
    - Once I defined the security condition for my app to use "user name of the caller," a default username and password prompt automatically popped up.
    Apparently, the SSL mutual authentication configuration and the default authentication provider to use the X.509 type didn't take any effect.
    - Without defining the security policy for the application, the debugging messages show that
    getRoles(): input arguments: subject:0
    Entitlement - <Role:Annonymous with expr:Grp(everyone)>
    Any suggestions? Thanks.

    Hi,
    I am trying to use 2 way ssl using webservices client , here is my code :
    // Note: SunFakeTrustSocketFactory accepts any server certificate without validating it.
    AxisProperties.setProperty("org.apache.axis.components.net.SecureSocketFactory","org.apache.axis.components.net.SunFakeTrustSocketFactory");
    SSLAdapterFactory factory = SSLAdapterFactory.getDefaultFactory();
    WLSSLAdapter adapter = (WLSSLAdapter) factory.getSSLAdapter();
    // clientCredentialFile stores in PEM format the public key and
    // all the CAs associated with it + then the private key. All this in
    // a concatenated manner
    FileInputStream clientCredentialFile = new FileInputStream ("C:\\sslcert\\client-pub3.pem");
    // private key password
    String pwd = "password";
    adapter.loadLocalIdentity(clientCredentialFile, pwd.toCharArray());
    adapter.setVerbose(true);
    adapter.setTrustedCertificatesFile("C:\\certificate\\server\\server.jks");
    adapter.setStrictCheckingDefault(false);
    factory.setDefaultAdapter(adapter);
    factory.setUseDefaultAdapter(true);
    boolean idAvailability = false;
    UNSLocator locator = new UNSLocator();
    URL portAddress = new URL("https://localhost:7002/smuSSWeb/UNSResponse.xml");
    UNSPort unsprt = locator.getUNSPort(portAddress);
    idAvailability = unsprt.isIDAvailable("Yulin125", "C");
    System.out.println("Got from method :"+idAvailability);
    After running this code I am getting the following exception :
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: java.net.SocketException: Software caused connection abort: socket write error
    faultActor:
    faultNode:
    faultDetail:
    I am using .pem (clientsigned,clientinter,clientroot, root-key) files for client authentication and I am using server.jks as a keystore for my server authentication. Once I run this code, I am able to present the server certificate chain to the client but I am not able to present the client certificate chain to server.
    I have been stuck with this for quite some time.
    Some insight needed from the gurus

  • Strange behavior of auto-create destinations and access control

    I'm noticing some strange behavior that looks like a bug in IMQ 3.5 SP1 (and earlier). I can't find any mention of this in the Sun Bug parade so I thought I'd ask here.
    Background:
    1) Admin-created queue named 'foo' exists. Verified with imqcmd.
    2) User 'bob' wants to access 'foo' as a consumer.
    3) accesscontrol.properties, relevant sections:
    queue.foo.consume.allow.user=bob
    queue.create.deny.user=*
    4) When config.properties has:
    imq.autocreate.queue=false
    then the connection works fine.
    5) However when config.properties has:
    imq.autocreate.queue=true
    the following error is provided when connecting:
    com.sun.messaging.jms.JMSSecurityException: [C4077]: Client is not authorized to create destination : foo
    My reading of the manual says that user 'bob' should be able to connect to destination 'foo' even though he doesn't have the queue creation privilege because 'foo' is an administratively created queue that already exists.
    A short term workaround is to allow all users to have the create privilege. This is not a good thing from a security design standpoint. I want only one user to have this privilege and all others should not have it. Unfortunately, without this privilege, all other users can no longer connect.
    Thanks in advance for any help you can provide on this issue.

    I've reproduced this and it sure looks like a bug. I've submitted bug:
    5024685 ACLs: queue.create.deny.user=* and imq.autocreate.queue=true interact poorly
    I think the best workaround is to set imq.autocreate.queue=false
    and administratively create all destinations.

  • Inheritance and access control - "private protected"

    I'm reopening an old topic, seems to have been last discussed here 2-3 years ago.
    It concerns the concept of restricting access to class members to itself, and its subclasses. This is what "protected" does in C++ and "private protected" did in early versions of the Java language. This feature was removed from Java with a motivation along the lines of not being "simple", and "linear" (in line with the other access modes, each being a true subset of the next). Unfortunately, the article which explained Sun's position on this keyword combination seems to have been removed from the site, so I haven't been able to read its original text.
    But regardless of simplicity of implementation or explaining Java's access modifiers to newbies, I believe it is a fundamental part of OO programming for such an access mode to exist. The arguments for having the standard "private" mode in fact also apply for having a C++-style "protected" mode. (Arguing that classes within a package are related and it therefore doesn't hurt to also give them access to Java's "protected" members, is equally arguing that "private" is unnecessary, which no one of course believes.)
    The whole concept of inheritance and polymorphism and encapsulation builds on the access modes private, protected, and public (in the C++ senses). In Java the "package" concept was added - a nice feature! But I see no justification for it to negate the proper encapsulation of a class and its specializations.

    What effect upon inheritance other than hiding members
    from subclasses is there?
    None. And I can't think of another declaration that prevents members from being inherited but private.
    Of course the onus comes on the programmer with Java's
    definition of "protected" - but
    1) there is rarely a single programmer working within
    a package
    The point was the package is a unit which does not hide from itself. Just like all methods within a class can see each other, all classes within a package can, and all packages within a program can.
    2) it muddies the encapsulation in the design - when
    you see a "protected" method someone else, or yourself
    some time ago - wrote, how do you know if the design
    intention is to have it accessed solely by the class
    and its subclasses, or if it is indeed intended to be
    shared with the whole package? The only way to do
    this today is to always explicitly specify this in the
    comments, which may be lacking, inconsistent, and
    abused (since it isn't enforced).
    Encapsulation would be implementation hiding. Not method hiding. The only thing you should probably allow out of your package is an interface and a factory anyway.
    I understand where you are coming from, but I really have not had occasion to take issue with it. I can't think of a real coding situation where this is required. OTOH, I can't think of a coding situation where I need to access a protected method from another class either.
